TheSupe87 - Fotolia

Is consumer data privacy at risk under cybersecurity legislation?

#GRCChat participants discuss how cybersecurity legislation could hurt data privacy and what personal information protections should be included in the new rules.

New U.S. cybersecurity legislation designed to prevent future data breaches continues to be debated by U.S. legislators, and consumer privacy remains a sticking point. Bills such as the Protecting Cyber Networks Act (PCNA) propose systems for private companies to share information about cyber threats with government agencies. Opponents fear that including this type of information sharing in cybersecurity legislation will hurt privacy by helping the U.S. government collect consumer data for law enforcement or surveillance purposes.

Proposed cybersecurity bills such as PCNA continue to raise questions about what U.S. citizens are willing to give up to prevent massive data breaches that have become the norm. Most agree that there should be some sort of cybersecurity legislation, but consumer data privacy remains a major priority. In this #GRCChat recap, participants discuss how cybersecurity legislation could affect privacy and what precautions should be taken to protect consumer data.

Will data sharing policies proposed in cybersecurity legislation hurt consumer privacy? Why or why not?

Although cybersecurity legislation is meant to protect consumer privacy, some think that it would actually undermine it. Detractors of cybersecurity legislation specifically worry about the amount of consumer data that would be available to the government should proposed bills become law. #GRCChat participants acknowledged privacy is a legitimate concern, but added that data sharing stipulations may be necessary:

Although some #GRCchat-ters agreed that cybersecurity legislation is needed, they added that current proposed legislation is lacking from a consumer privacy standpoint:

The lack of a consumer presence wasn't the only fault found with proposed cybersecurity legislation. Participants thought that bills often demonstrated a lack of knowledge regarding technology and suggested that more experts should be consulted when creating cybersecurity legislation:

What privacy protections must be in cybersecurity legislation to ensure consumer data is not violated?

Participants discussed how some consumer data privacy sacrifices might be necessary to protect information under cybersecurity legislation, but added there is still a need for controls on what exactly the government can and cannot do with consumer data.

One participant stated that cybersecurity legislation still has a long way to go, especially when it comes to transparency:

SearchCompliance site editor Ben Cole advocated for finding the right mix of government involvement and privacy protection, before pointing out the problem that innovation presents: New tech could either provide more security, or create new opportunities for data breaches.

How do you think cybersecurity legislation will affect consumer data privacy? Sound off in the comments section below.

Next Steps

Security information sharing needed, says government cybersecurity experts

Finding the line between data analytics and consumer data privacy

A look at past cybersecurity legislation with the Cybersecurity Act of 2009

Dig Deeper on Risk management and compliance